Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12963C721B848E63702E361C68D68A71D7396E745CF100F85A9F45A7DABE3FE1D8431E8 |
|
CONTENT
ssdeep
|
1536:GwfPoMN2TDGCe2U0oOXdxTfafZruB0fiFywBQkFODVeQ9Aadm+j:GwfPoMeo2xTUZruB0fiFywBQb9Aac+j |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
80a07df74dc2465f |
|
VISUAL
aHash
|
007f7f7fffff3c00 |
|
VISUAL
dHash
|
0696f0d0d04c6031 |
|
VISUAL
wHash
|
00437f7fffef0000 |
|
VISUAL
colorHash
|
06000000e00 |
|
VISUAL
cropResistant
|
9696f0d0d854cc68,cb44c4444d4e7170,008830303028c000,0810306a1b617170 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 273 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)